Microsoft has confirmed that it will release 12 security bulletins addressing 22 issues on its next Patch Tuesday.
Addressing issues in Microsoft Windows, Internet Explorer, Office, Visual Studio and Internet Information Services (IIS), three of the bulletins are rated as critical, while the other nine are rated as important.
The three critical patches affect flaws in Microsoft Windows and Internet Explorer, including the zero-day flaw and public vulnerability affecting the Windows Graphics Rendering Engine that were not patched last month. Microsoft Trustworthy Computing spokesperson Angela Gunn said that additionally, it will also be addressing an issue affecting the FTP service in IIS 7.0 and 7.5.
Wolfgang Kandek, CTO at Qualys, said: “These vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended. In addition the lower rated flaw in the FTP service is addressed with an update to the IIS server.
“The remaining updates address flaws in Windows, Office and the development platform Visual Studio. All versions of Windows starting with Windows XP SP3 up to the latest versions Windows 7 and Windows Server 2008 R2. The Office bulletin however, is limited to a relatively small footprint: the Visio versions 2002, 2003 and 2007.
“The recent MHTML issue in Windows/Internet Explorer will not be addressed in this update. The workaround suggested by Microsoft in Advisory 2501696 continues to be the recommended way of mitigating this attack vector.”
Also set to release patches next week is Adobe. These will be updates for: Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and Unix; Adobe Acrobat X (10.0) for Windows and Macintosh; and Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh, to resolve critical security issues.
It confirmed that the updates will be released on Tuesday, while an update for Unix is expected to be available by the end of 28 February.